If we consider each vulnerability alone, we have no chance to execute
commands at the iPlanet Web Server since XSS payload is Browser Hijacking
and the vulnerable PERL script is protected by an authentication schema.

iPlanet Web Server suffers from a XSS vulnerability when the Administrator
reviews the error logs through iPlanet Admin Server. XSS triggers once
the Administrator has successfully logged on the Admin Server.

The trick is not to exploit the open() PERL vulnerability directly, but
use instead the XSS to redirect the Administrator's browser to the URL
that will cause the open() command injection.
Since he is already authenticated, we bypass the authentication schema.